Well, now you've made me go and try it. I couldn't get OpenSSL to use
RSAwithMD2, but it works fine with MD5:
openssl req -x509 -out client-cert.pem -new -newkey rsa:512 -md5 -nodes
-keyout client-priv.pem
openssl pkcs12 -export -in client-cert.pem -inkey client-priv.pem -out
client.p12
# Preferences > Advanced > Certificates > View Certificates > Your
Certificates
# Import the p12
# Configure /etc/hosts to point
example.com to 127.0.0.1
openssl req -x509 -out server-cert.pem -new -newkey rsa:2048 -sha256 -nodes
-keyout server-priv.pem
openssl s_server -cert server-cert.pem -key server-priv.pem -accept 8080
-www -Verify 0
# Navigate to
https://example.com:8080/
# Add an exception for the server cert
# Note that the client cert you just imported is offered in the prompt
# Select the client cert you just imported
# Note that the server accepts the client cert